[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuVSUqOAnhtlQDVdHnVt9Jr3sSIpGdQ03hQ9gL-QJnHs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":67,"fingerprints":136},"wp-fast-search","WP Fast Search","0.1","graemeboy","https:\u002F\u002Fprofiles.wordpress.org\u002Fgraemeboy\u002F","\u003Cp>Responds to key press, instantly presents a drop-down menu of post titles for the user to select from (with ten-post max per result set).\u003C\u002Fp>\n\u003Cp>The user can scroll through the list of posts using the mouse or keyboard (pressing enter or clicking on a title will take the user to the selected post.)\u003C\u002Fp>\n\u003Cp>Data for posts are loaded asynchronously once the page is loaded, and so it will not affect the page loading speed. 
Only one request per page load is ever sent to the server, which queries for cached post information, and therefore the plugin is performant.\u003C\u002Fp>\n","A blazingly fast drop-down search widget for Wordpress",10,1335,100,1,"2015-01-05T02:05:00.000Z","4.1.42","3.0.1","",[20],"serach","http:\u002F\u002Fwww.graemeboy.com\u002Fwp-fast-search","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fast-search.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},4,80,30,84,"2026-04-05T08:37:58.501Z",[35,55],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":24,"num_ratings":24,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":18,"tags":48,"homepage":53,"download_link":54,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"ajax-search-popup","Ajax Search Popup","1.0","yasintechnology","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasintechnology\u002F","\u003Cp>This plugin to search by Post And Page on KeyUp with Ajax.\u003Cbr \u002F>\n Live Ajax Search.\u003Cbr \u002F>\n Easy To Customize.\u003Cbr \u002F>\nQuick and easily access to information.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>To get started, click on the sub-menu Search Popup > Setting. 
\u003C\u002Fli>\n\u003Cli>You can use shortcode to run searchform.\u003C\u002Fli>\n\u003Cli>Example: [ajax_popup_search]\u003C\u002Fli>\n\u003Cli>Add to widget\u003C\u002Fli>\n\u003C\u002Fol>\n","Search By Post And Page On KeyUp.",20,1606,"2018-09-21T17:44:00.000Z","4.9.29","4.0",[49,50,51,52],"ajax-search","search-keyup","search-popup","serach-ajax","https:\u002F\u002Fwww.yasin.tk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-search-popup.zip",{"slug":56,"name":57,"version":38,"author":39,"author_profile":40,"description":58,"short_description":59,"active_installs":24,"downloaded":60,"rating":24,"num_ratings":24,"last_updated":18,"tested_up_to":46,"requires_at_least":47,"requires_php":18,"tags":61,"homepage":53,"download_link":65,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":66},"advance-search-ajax","Advance Ajax Live Search","\u003Cp>This plugin to search by Author-Tag-Cats-Date And Keyword with Ajax.\u003Cbr \u002F>\n Loading Ajax Search.\u003Cbr \u002F>\n Easy To Customize.\u003Cbr \u002F>\nQuick and easily access to information.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>To get started, click on the sub-menu Search Me > Search Setting. 
\u003C\u002Fli>\n\u003Cli>You can use shortcode to run searchform.\u003C\u002Fli>\n\u003Cli>Example: [Advance_Search_Ajax]\u003C\u002Fli>\n\u003C\u002Fol>\n","Search By Author-Tag-Cats-Date And Keyword.",1551,[49,62,63,64],"search-by-category","search-by-date","serach-by-tag","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvance-search-ajax.zip","2026-03-15T10:48:56.248Z",{"attackSurface":68,"codeSignals":89,"taintFlows":121,"riskAssessment":122,"analyzedAt":135},{"hooks":69,"ajaxHandlers":76,"restRoutes":85,"shortcodes":86,"cronEvents":87,"entryPointCount":88,"unprotectedCount":88},[70],{"type":71,"name":72,"callback":73,"file":74,"line":75},"action","widgets_init","wpfs_register_fast_searcH_widget","main.php",16,[77,82],{"action":78,"nopriv":79,"callback":80,"hasNonce":79,"hasCapCheck":79,"file":74,"line":81},"wpfs_get_post_titles",false,"wpfs_getPostTitles",18,{"action":78,"nopriv":83,"callback":80,"hasNonce":79,"hasCapCheck":79,"file":74,"line":84},true,19,[],[],[],2,{"dangerousFunctions":90,"sqlUsage":91,"outputEscaping":93,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":120},[],{"prepared":24,"raw":24,"locations":92},[],{"escaped":29,"rawEcho":94,"locations":95},12,[96,99,101,103,105,107,109,111,112,114,116,118],{"file":74,"line":97,"context":98},49,"raw output",{"file":74,"line":100,"context":98},51,{"file":74,"line":102,"context":98},58,{"file":74,"line":104,"context":98},74,{"file":74,"line":106,"context":98},77,{"file":74,"line":108,"context":98},78,{"file":74,"line":110,"context":98},82,{"file":74,"line":23,"context":98},{"file":74,"line":113,"context":98},86,{"file":74,"line":115,"context":98},114,{"file":74,"line":117,"context":98},165,{"file":74,"line":119,"context":98},174,[],[],{"summary":123,"deductions":124},"The \"wp-fast-search\" plugin version 0.1 presents a significant security risk due to its unprotected AJAX endpoints. 
While the plugin exhibits some good practices, such as using prepared statements for all SQL queries and avoiding dangerous functions, the lack of authentication and capability checks on its entry points creates a substantial attack surface. The static analysis indicates that both of the plugin's AJAX handlers are accessible without any form of authorization, meaning an unauthenticated attacker could potentially trigger them.\n\nThe absence of taint analysis results and vulnerability history data makes it difficult to assess past or potential complex attack vectors. However, the low percentage of properly escaped output (25%) is a notable concern. This suggests that user-supplied data may not be adequately sanitized before being displayed, potentially leading to Cross-Site Scripting (XSS) vulnerabilities. Given the direct exposure of AJAX handlers, an attacker could craft malicious inputs that, when processed by these handlers and outputted without proper escaping, could execute arbitrary JavaScript in the user's browser.\n\nOverall, while the plugin avoids certain common pitfalls like raw SQL queries and bundled libraries, the critical oversight of unprotected AJAX handlers and insufficient output escaping creates a high-risk profile. The complete lack of security checks on the identified entry points is a primary concern that needs immediate attention. 
The plugin's security posture is currently weak due to these critical omissions.",[125,127,130,133],{"reason":126,"points":11},"AJAX handlers without auth checks",{"reason":128,"points":129},"Low output escaping percentage",7,{"reason":131,"points":132},"No nonce checks on AJAX",5,{"reason":134,"points":132},"No capability checks","2026-03-17T00:52:31.766Z",{"wat":137,"direct":146},{"assetPaths":138,"generatorPatterns":140,"scriptPaths":141,"versionParams":143},[139],"\u002Fwp-content\u002Fplugins\u002Fwp-fast-search\u002Fstyle.css",[],[142],"\u002Fwp-content\u002Fplugins\u002Fwp-fast-search\u002Fwp-fast-search.js",[144,145],"wp-fast-search\u002Fstyle.css?ver=","wp-fast-search\u002Fwp-fast-search.js?ver=",{"cssClasses":147,"htmlComments":156,"htmlAttributes":157,"restEndpoints":159,"jsGlobals":161,"shortcodeOutput":173},[148,149,150,151,152,153,154,155],"wpfs-results","wpfs-open","wpfs-result-item","wpfs-selected","wpfs-results-wrapper","wpfs-wrapper","wpfs-input","wpfs-no-results",[],[158],"data-index",[160],"\u002Fwp-json\u002Fwpfs\u002Fv1\u002Fsearch",[162,163,164,165,166,167,168,169,170,171,172],"wpfsAjaxUrl","postTitles","searchInput","resultsLimit","results","resultsEasyIndex","numResults","wpfsWrapper","resultsEl","resultItem","selectedIndex",[]]